Task/cdd 3145 validate cognito jwt #3092

Merged
mattjreynolds merged 16 commits into main from task/CDD-3145-validate-cognito-jwt
Mar 27, 2026
@mattjreynolds mattjreynolds commented Mar 23, 2026

Description

  • Add validation and authentication of Cognito JWT for requests that have an X-UHD-AUTH header sent from the frontend (see frontend PR)
  • Requires environment variables to be set for AWS_REGION and AWS_USER_POOL (see infra PR)
  • Note for testing: currently the frontend does not send the token even for non-public requests, because it doesn't distinguish between public and non-public requests when calling the API. So API testing would need to be done manually with a valid (and current - they expire after 1 hour) JWT token, e.g. via Postman, with a custom header like 'X-UHD-AUTH': 'Bearer: eyJraWQiOi.....'

Fixes #CDD-3145
Addresses part of #CDD-3146 (returns a user, but without permission sets)


Type of change

Please select the options that are relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Tech debt item (this is focused solely on addressing any relevant technical debt)

Checklist:

  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests at the right levels to prove my change is effective
  • I have added screenshots or screen grabs where appropriate
  • I have added docstrings in the correct style (google)

@mattjreynolds mattjreynolds force-pushed the task/CDD-3145-validate-cognito-jwt branch from 73b370f to 4e9e497 Compare March 24, 2026 09:27
@mattjreynolds mattjreynolds force-pushed the task/CDD-3145-validate-cognito-jwt branch from 1870b52 to a0ef05a Compare March 26, 2026 11:48
@mattjreynolds mattjreynolds force-pushed the task/CDD-3145-validate-cognito-jwt branch from a0ef05a to 12c16d3 Compare March 26, 2026 12:13
@mattjreynolds mattjreynolds merged commit 728239d into main Mar 27, 2026
17 checks passed
@mattjreynolds mattjreynolds deleted the task/CDD-3145-validate-cognito-jwt branch March 27, 2026 12:49
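
Added example (not code from this pull request or the project): the checks that validating a Cognito JWT from the X-UHD-AUTH header involves, using only the Python standard library. It assumes AWS_USER_POOL holds the user pool ID, that the pool's JWKS document has already been fetched, and that the header carries the 'Bearer:' prefix shown in the description; the function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

# DER DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(s):
    """Decode unpadded base64url, as used by JWT segments and JWK fields."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def rs256_verify(message, sig, jwk):
    """RSASSA-PKCS1-v1_5 with SHA-256 against one RSA JWK (illustration only)."""
    n = int.from_bytes(b64url(jwk["n"]), "big")
    e = int.from_bytes(b64url(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    expected = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), expected)

def validate_cognito_jwt(header_value, jwks, region, user_pool, now=None):
    """Return the claims for a valid X-UHD-AUTH value, else raise ValueError."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.rstrip(":").lower() != "bearer" or token.count(".") != 2:
        raise ValueError("malformed auth header")
    head_b64, body_b64, sig_b64 = token.strip().split(".")
    try:
        head, claims = json.loads(b64url(head_b64)), json.loads(b64url(body_b64))
        sig = b64url(sig_b64)
    except ValueError as exc:
        raise ValueError("undecodable token") from exc
    if not (isinstance(head, dict) and isinstance(claims, dict)):
        raise ValueError("token segments are not JSON objects")
    if head.get("alg") != "RS256":  # pin the algorithm instead of trusting the header
        raise ValueError("unexpected alg")
    key = next((j for j in jwks["keys"]
                if j.get("kid") == head.get("kid") and j.get("kty") == "RSA"), None)
    if key is None or not rs256_verify(f"{head_b64}.{body_b64}".encode(), sig, key):
        raise ValueError("unknown kid or bad signature")
    if claims.get("iss") != f"https://cognito-idp.{region}.amazonaws.com/{user_pool}":
        raise ValueError("wrong issuer")
    if claims.get("token_use") not in ("access", "id"):
        raise ValueError("wrong token_use")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims
```

The audience check (aud on ID tokens, client_id on access tokens) is left out because the page names no app client ID setting. A deployed service would normally hand the signature step to a maintained JWT library rather than the hand-written RSA check used here.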